December 11, 2023

Researchers have identified vulnerabilities in Fortinet FortiOS that can be used by threat actors for malicious activities.

The vulnerabilities are Cross-Site scripting (XSS) and Cross-Site request forgery (CSRF) vulnerabilities. These vulnerabilities have been given the CVE IDs CVE-2023-29183 with a CVSS score of 5.4 and CVE-2023-34984 with a CVSS score of 8.8.


This vulnerability exists due to improper input neutralization during web page generation, which could allow an authenticated attacker to execute a malicious JavaScript code through a crafted guest management setting. Fortinet has given the severity for this vulnerability as 7.3 (High). 

Affected version:

FortiProxy – 7.2.0 through through 7.0.10

FortiOS – 7.2.0 through 7.2.4,7.0.0 through 7.0.11,6.4.0 through 6.4.12,6.2.0 through 6.2.14



This vulnerability exists due to a failure in the protection mechanism in FortiWeb, which could allow a threat actor to bypass CSRF and XSS protections. The severity for this vulnerability has been given as 8.8 (High).

Affected Versions :

FortiWeb- 7.2.0 through through all versions6.3 all versions

Users of these products are recommended to upgrade to the latest versions of these products to prevent these vulnerabilities from getting exploited by threat actors.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.